CN104468505A - Safety audit log playing method and device - Google Patents

Safety audit log playing method and device Download PDF

Info

Publication number
CN104468505A
CN104468505A CN201410585044.5A CN201410585044A CN104468505A CN 104468505 A CN104468505 A CN 104468505A CN 201410585044 A CN201410585044 A CN 201410585044A CN 104468505 A CN104468505 A CN 104468505A
Authority
CN
China
Prior art keywords
full screen
daily record
update request
time
screen graphics
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410585044.5A
Other languages
Chinese (zh)
Other versions
CN104468505B (en
Inventor
李毅为
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
NSFOCUS Information Technology Co Ltd
Beijing NSFocus Information Security Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NSFOCUS Information Technology Co Ltd, Beijing NSFocus Information Security Technology Co Ltd filed Critical NSFOCUS Information Technology Co Ltd
Priority to CN201410585044.5A priority Critical patent/CN104468505B/en
Publication of CN104468505A publication Critical patent/CN104468505A/en
Application granted granted Critical
Publication of CN104468505B publication Critical patent/CN104468505B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23Updating
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/328Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the presentation layer [OSI layer 6]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the invention discloses a safety audit log playing method and device and relates to the field of safety audits. The operation time spent for safety audit log fixed point playback is shortened, and system resources occupied by graph drawing are reduced. When fixed point playback needs to be carried out on a pregenerated safety audit log, and a log segment with the time most approximate to the time starting point T is determined according to the time starting point T when playback needs to be carried out and the updating time of each full-screen graphic datum in the safety audit log; the safety audit log is composed of log segments; each log segment is within each preset time threshold value and is composed of one full-screen graphic datum and a plurality of local graphic data by using the full-screen graphic datum as the demarcation point; according to the full-screen graphic datum and the local graphic data in each determined log segment, a graph is drawn. Accordingly, the problems are solved.

Description

A kind of security audit daily record player method and device
Technical field
The present invention relates to security audit field, particularly relate to a kind of security audit daily record player method and device.
Background technology
Fort machine, namely under a specific network environment, in order to Logistics networks and data are by from the invasion of outside and internal user and destruction, and use the system mode of each part in various technological means real-time collecting and monitor network environment, security incident, network activity, so that a kind of technological means of concentrated alarm, record, analysis, process.Fort machine passes through conventional O&M agreement (RDP (Remote DesktopProtocol, RDP), VNC (Virtual Network Computing, Virtual network computer) etc.) adopt the mode of agency by agreement, cut off the direct access of operation maintenance personnel to server, all O&M operations all need to carry out through fort machine.The operation note of operation maintenance personnel in journal file, is carried out security audit for auditor and calls to account by fort machine.
VNC is that a kind of screen-picture of RFB (Remote Frame Buffer, Remote Frame Buffer) agreement that uses is shared and remote operation software.The server that operation maintenance personnel can use VNC client to have VNC to serve by fort machine access configuration, fort machine VNC agency by agreement carries out alternately as server and VNC client, also carries out alternately as client and VNC server simultaneously.VNC graphics streams, after receiving the graph data that VNC server beams back, is transmitted to client by VNC agency by agreement, and copies portion and be transmitted to security audit daily record generation module.View data, after resolving VNC protocol data-flow, is stored in file system according to security audit log file formats by security audit daily record generation module.The system architecture of VNC agency by agreement and log recording as shown in Figure 1.
But, VNC agreement of the prior art is the agreement upgraded based on area image, the image update (except first image update) for local recorded in security audit journal file, therefore when carrying out playback to daily record, each advance data bag is needed to carry out resolving and drawing, cause the locating speed fixing a point to play slow, can not quick position, affect customer experience.
Summary of the invention
Embodiments provide a kind of security audit daily record player method and device, the Fast Fixed-point achieving security audit daily record is play, and decreases the operation time during playback of security audit daily record fixed point.
A kind of security audit daily record player method, the method comprises:
When needing to carry out fixed point playback for the security audit daily record generated in advance, carry out the update time of each full screen graphics data in the time starting point T of playback and described security audit daily record as required, determine in time closest to the daily record fragment of described time starting point T; Described security audit daily record is made up of each daily record fragment; Described daily record fragment is within each described Preset Time threshold value, with full screen graphics data for separation, is made up of full screen graphics data and several local figure data;
According to the full screen graphics data in the daily record fragment determined and local graph data, drawing image.
A kind of security audit daily record playing device, this device comprises:
Daily record fragment determining unit, for when needing to carry out fixed point playback for the security audit daily record generated in advance, carry out the update time of each full screen graphics data in the time starting point T of playback and described security audit daily record as required, determine in time closest to the daily record fragment of described time starting point T; Described security audit daily record is made up of each daily record fragment; Described daily record fragment is within each described Preset Time threshold value, with full screen graphics data for separation, is made up of full screen graphics data and several local figure data;
Image Rendering unit, for the full screen graphics data in the daily record fragment that basis is determined and local graph data, drawing image.
As can be seen from such scheme, the embodiment of the present invention provides a kind of security audit daily record player method, and the security audit daily record in the embodiment of the present invention is made up of each daily record fragment, described daily record fragment is within each described Preset Time threshold value, with described full screen graphics data for separation, is made up of full screen graphics data and several local figure data, in embodiments of the present invention, local figure data in daily record fragment are all based on the full screen graphics data in same daily record fragment, and local figure data of the prior art are all the unique full screen graphics data returned based on server during initialization, therefore, when carrying out playback to security audit daily record, the embodiment of the present invention is drawn not needing the full screen graphics data returned from server during initialization, but it is upper closest to needing the full screen graphics data in the daily record fragment of the time starting point T carrying out playback to carry out Image Rendering to the time, thus the Fast Fixed-point achieving security audit daily record is play, decrease the operation time during playback of security audit daily record fixed point, reduce the system resource taken when carrying out graphic plotting.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, below the accompanying drawing used required in describing embodiment is briefly introduced, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the configuration diagram of VNC system of the prior art;
The schematic flow sheet of a kind of security audit daily record player method that Fig. 2 provides for the embodiment of the present invention;
The schematic flow sheet of a kind of security audit daily record generation method that Fig. 3 provides for the embodiment of the present invention;
Fig. 4 is the form schematic diagram of the security audit daily record in the embodiment of the present invention;
A kind of schematic flow sheet that the security audit daily record generated in advance is play that Fig. 5 provides for the embodiment of the present invention;
The structural representation of a kind of security audit daily record playing device that Fig. 6 provides for the embodiment of the present invention.
Embodiment
In order to make the object, technical solutions and advantages of the present invention clearly, below in conjunction with accompanying drawing, the present invention is described in further detail, and obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making other embodiments all obtained under creative work prerequisite, belong to the scope of protection of the invention.
The embodiment of the present invention is applicable to VNC (Virtual Network Computing, Virtual network computer) system, be particularly useful for a kind of by least one client (Client), the VNC system of a server (Sever) and a graphics proxy composition.Client in the embodiment of the present invention, server and graphics proxy all can run on any computer equipment.
The embodiment of the present invention provides a kind of security audit daily record player method, and the security audit daily record in the embodiment of the present invention is made up of each daily record fragment, described daily record fragment is within each described Preset Time threshold value, with described full screen graphics data for separation, is made up of full screen graphics data and several local figure data, in embodiments of the present invention, local figure data in daily record fragment are all based on the full screen graphics data in same daily record fragment, and local figure data of the prior art are all the unique full screen graphics data returned based on server during initialization, therefore, when carrying out playback to security audit daily record, the embodiment of the present invention is drawn not needing the full screen graphics data returned from server during initialization, but it is upper closest to needing the full screen graphics data in the daily record fragment of the time starting point T carrying out playback to carry out Image Rendering to the time, thus the Fast Fixed-point achieving security audit daily record is play, decrease the operation time during playback of security audit daily record fixed point, reduce the system resource taken when carrying out graphic plotting.
Fig. 2 shows the schematic flow sheet of a kind of security audit daily record player method that the embodiment of the present invention provides, and as shown in Figure 2, the method comprises:
Step 21: when needing to carry out fixed point playback for the security audit daily record generated in advance, carry out the update time of each full screen graphics data in the time starting point T of playback and described security audit daily record as required, determine in time closest to the daily record fragment of described time starting point T; Described security audit daily record is made up of each daily record fragment; Described daily record fragment is within each described Preset Time threshold value, with full screen graphics data for separation, is made up of full screen graphics data and several local figure data;
Step 22: according to the full screen graphics data in the daily record fragment determined and local graph data, drawing image.
Optionally, in above-mentioned steps 22, describedly determine in time closest to the daily record fragment of described time starting point T, specifically comprise: the T1 and T2 update time of N+1 full screen graphics data update time obtaining N number of full screen graphics data, described N number of full screen graphics data and described N+1 full screen graphics data are any two adjacent in time full screen graphics data in described security audit daily record; As T1<T<T2, the daily record fragment at described N number of full screen graphics data place is defined as in time closest to the daily record fragment of described time starting point T.
Optionally, in above-mentioned steps 22, generate security audit daily record as follows: intercept and capture the figure update request bag that user end to server sends, according to described figure update request bag ask upgrade graphics field, determine whether to need to modify to described figure update request bag, if desired, then described server is given by amended figure update request Packet forwarding; Otherwise, give described server by the figure update request Packet forwarding that intercepts; Receive the full screen graphics data update time that also acquisition is corresponding that described server sends; According to described full screen graphics data and corresponding update time, generate up-to-date daily record fragment; And receive that described server sends carry out based on described full screen graphics data each local figure data of upgrading and obtain update time corresponding to each local figure data; Respectively by described local figure data and corresponding update time, add in the daily record fragment of up-to-date generation; According to each daily record fragment generated, generate security audit daily record.
Optionally, in above-mentioned steps, also comprise: the spacing distance determining two adjacent in time daily record fragments according to the document misregistration amount between the full screen graphics data that storage two is adjacent in time.
Optionally, in above-mentioned steps, described according to described figure update request bag ask upgrade graphics field, determine whether need described figure update request bag is modified, specifically comprise: judge whether described figure update request bag is full screen graphics update request bag; When described figure update request bag is full screen graphics update request bag, record the time that described client-requested carries out figure renewal, and give described server by the figure update request Packet forwarding that intercepts; When described figure update request bag is local figure update request bag, judge that described client-requested carries out this local figure renewal and whether the last time interval sent between full screen graphics update request bag is greater than Preset Time threshold value, if, then the figure update request intercepted is guaranteed the repair free of charge and change full screen graphics update request bag into, record the time that described client-requested carries out figure renewal, and give described server by amended figure update request Packet forwarding.
Optionally, in above-mentioned steps 21 ~ step 22, when the value of the increment incremental field in described figure update request be zero, the value of width width field equals initialization in described figure update request time described server and the described client width value in full screen graphics region of making an appointment and in described figure update request, the value of height height field equals initialization time described server and the height value in the described client full screen graphics region of making an appointment time, determine that described figure update request bag is full screen graphics update request bag.
Optionally, in above-mentioned steps 21 ~ step 22, when the value of the increment incremental field in described figure update request is non-zero, determine described figure update request bag ask upgrade graphics field be local figure region; The local figure data for responding described figure update request bag that the described server intercepted sends, specifically comprise: carry out the local figure data that upgrade and positional information based on described full screen graphics data.
Below the embodiment of the present invention is described in detail.
Fig. 3 shows the schematic flow sheet of a kind of security audit daily record generation method that the embodiment of the present invention provides, and as shown in Figure 3, the method comprises:
Step 31: graphics proxy intercept and capture user end to server send figure update request bag, according to described figure update request bag, judge described figure update request bag institute ask renewal graphics field whether be full screen graphics region; If so, then step 32 is performed; If not, then step 33 is performed.
During specific implementation, user end to server sends figure update request bag (FramebufferUpdateRequest), table 1 shows the form of the FramebufferUpdateRequest in the embodiment of the present invention, as shown in table 1, wherein, increment incremental field in FramebufferUpdateRequest for represent this FramebufferUpdateRequest ask upgrade graphics field whether be full screen graphics region, when incremental field is 0, this FramebufferUpdateRequest ask upgrade graphics field be full screen graphics region, when incremental field is non-zero, this FramebufferUpdateRequest ask upgrade graphics field be local figure region.
It should be noted that, before user end to server sends FramebufferUpdateRequest, client can set up the connection (being initial phase) on communication link in advance with server, the size in the full screen graphics region of the computer screen that this server runs on by server in advance informs to client, namely server sends ServerInit packet to client, comprises the size in full screen graphics region in this ServerInit packet.When user end to server sends for asking to upgrade the FramebufferUpdateRequest in full screen graphics region, the width width field of this FramebufferUpdateRequest is for representing the width value in full screen graphics region, and the height height field of this FramebufferUpdateRequest is for representing the height value in full screen graphics region.
Table 1
Field Byte number Type (value) Explanation
message-type 1 U8(3) Type of data packet, fixing value 3
incremental 1 U8 Whether ask incremental update
x-position 2 U16 The X value in request region
y-position 2 U16 The Y value in request region
width 2 U16 Request peak width
height 2 U16 Request region height
Step 32: when described figure update request bag is full screen graphics update request bag, records the time that the size in described full screen graphics region and described client-requested carry out figure renewal, and by the figure update request Packet forwarding that intercepts to described server.
During specific implementation, when described figure update request bag be full screen graphics update request bag (namely, the incremental field of this FramebufferUpdateRequest is 0) time, do not need to revise this FramebufferUpdateRequest, only need to record the time that client sends this FramebufferUpdateRequest; Afterwards, this FramebufferUpdateRequest is directly transmitted to server.That is, in the step 32, it is after the FramebufferUpdateRequest of 0 that graphics proxy intercepts incremental field, record after the width field of this FramebufferUpdateRequest, height field and client-requested carry out the time of full screen graphics renewal, this FramebufferUpdateRequest is directly transmitted to the server of the connection of setting up in advance on communication link, returns graph data with the content indicating server to ask according to this FramebufferUpdateRequest.In embodiments of the present invention, the graph data that now server returns should be full screen graphics data.It should be noted that, after execution step 32, directly can perform step 36.
Step 33: when described figure update request bag ask upgrade graphics field be local figure region time, judge that described client-requested is carried out the time interval that this local figure renewal and last time described client-requested carry out between full screen graphics renewal and whether is greater than Preset Time threshold value, if so, then step 34 is performed; If not, then step 35 is performed.
During specific implementation, when described figure update request bag ask upgrade graphics field be local figure region (namely, the incremental field of this FramebufferUpdateRequest is non-zero) time, further judgement client-requested is carried out the renewal of this local figure and is carried out full screen graphics renewal (namely with last client-requested, the incremental field of a upper FramebufferUpdateRequest is the time of 0) between the time interval whether be greater than Preset Time threshold value, if so, then step 34 is performed; If not, then step 35 is performed.It should be noted that, the Preset Time threshold value in the embodiment of the present invention can be preset according to actual use scenes, can also modify according to the actual requirements.Preferably, in embodiments of the present invention, this Preset Time threshold value can be 1 minute.For example, if Preset Time threshold value was revised as 30 seconds or the shorter time from 1 minute, then the frequency of full screen graphics renewal is higher, the file size of security audit daily record generated can become large, and stand-by period when reducing fixed point playback (stand-by period for full screen graphics update time to appointment playback time starting point between carry out the time that security audit daily record parsing and Image Rendering consume).Again for example, if Preset Time threshold value be revised as 2 minutes or the longer time from 1 minute, then the frequencies go lower of full screen graphics renewal, the file size of the security audit daily record of generation diminishes, and stand-by period during fixed point playback increases.
Step 34: when described client-requested carry out this local figure renewal and last time described client-requested carry out between full screen graphics renewal interval greater than Preset Time threshold value time, by the figure update request bag intercepted ask the size modification of graphics field upgraded to be the size in pre-recorded full screen graphics region, record the time that described client-requested carries out figure renewal, and give described server by amended figure update request Packet forwarding.
During specific implementation, when client-requested carry out this local figure renewal and last client-requested carry out between full screen graphics renewal interval greater than Preset Time threshold value time, the incremental field of the figure update request bag intercepted is revised as after 0 by graphics proxy, also by the figure update request bag intercepted ask the size modification of graphics field upgraded to be the size (size in the full screen graphics region of recording when initialization) in pre-recorded full screen graphics region, namely, width field in the FramebufferUpdateRequest intercepted is revised as the length value in full screen graphics region by graphics proxy, height field in the FramebufferUpdateRequest intercepted is revised as the height value in full screen graphics region, thus to complete the figure update request bag intercepted ask the size modification of graphics field upgraded to be the process of the size in pre-recorded full screen graphics region, further, graphics proxy record client-requested carries out the time of figure renewal, after completing the aforementioned steps, amended figure update request Packet forwarding to server, is returned graph data with the content indicating server to ask according to this FramebufferUpdateRequest by graphics proxy.In embodiments of the present invention, the graph data that now server returns should be full screen graphics data.It should be noted that, after execution step 34, can continue to perform step 36.
Step 35: when described client-requested carries out this local figure renewal and the last time, the described client-requested time interval of carrying out between full screen graphics renewal was not more than Preset Time threshold value, gives described server by the figure update request Packet forwarding that intercepts.
During specific implementation, when client-requested carries out this local figure renewal and the last client-requested time interval of carrying out between full screen graphics renewal is less than or equal to Preset Time threshold value, graphics proxy does not revise the figure update request bag intercepted, record client sends the time of this figure update request bag, and the figure update request bag intercepted directly is transmitted to server, return graph data with the content indicating server to ask according to this FramebufferUpdateRequest.In embodiments of the present invention, the graph data that now server returns should be local figure data.After execution step 35, continue to perform step 36.
Step 36: graphics proxy intercepts and captures the full screen graphics data for response pattern update request bag or the local figure data of the transmission of described server, and obtain corresponding update time, by the update time of the full screen graphics data that intercept or local figure data and correspondence, add in the daily record fragment of up-to-date generation in security audit daily record.
Concrete, described security audit daily record is made up of each daily record fragment; Described daily record fragment is within each described Preset Time threshold value, with described full screen graphics data for separation, is made up of full screen graphics data and several local figure data.
Optionally, in above-mentioned steps 36, the step generating security audit daily record specifically comprises: described graphics proxy receives the full screen graphics data update time that also acquisition is corresponding that described server sends; According to described full screen graphics data and corresponding update time, generate up-to-date daily record fragment; What described graphics proxy received that described server sends carry out based on described full screen graphics data each local figure data of upgrading and obtain update time corresponding to each local figure data; Respectively by described local figure data and corresponding update time, add in the daily record fragment of up-to-date generation; Described graphics proxy, according to each daily record fragment, generates security audit daily record.
Optionally, in above-mentioned steps 36, can also comprise: described graphics proxy determines the spacing distance of two adjacent in time daily record fragments according to the document misregistration amount between the adjacent in time full screen graphics data of storage two.
During specific implementation, Fig. 4 shows the form schematic diagram of the security audit daily record in the embodiment of the present invention, and after execution step 36, the form of the security audit daily record of generation as shown in Figure 4.Wherein, one can also be increased in the security audit daily record in the embodiment of the present invention for representing the document misregistration amount between current full screen graphics data and next full screen graphics data adjacent in time before each full screen graphics data.That is, when generating up-to-date daily record fragment, first retain the document misregistration amount field of this daily record fragment, after getting the document misregistration amount between this daily record fragment and next daily record fragment, then the document misregistration amount got is written to the document misregistration amount field retained in advance; Like this, graphics proxy can be made to get spacing distance for storing each daily record fragment fast, thus realize the fixed point playback of security audit daily record faster.
Optionally, in above-mentioned steps 31 ~ step 36, when the value of the increment incremental field in described figure update request is zero, described graphics proxy determines that described figure update request bag is full screen graphics update request bag; Width width field in described figure update request is for representing the width value in the full screen graphics region that described server and described client are made an appointment when initialization, and the height height field in described figure update request is for representing the height value in the full screen graphics region that described server and described client are made an appointment when initialization.
Optionally, in above-mentioned steps 31 ~ step 36, when the value of the increment incremental field in described figure update request is non-zero, described graphics proxy determine described figure update request bag ask upgrade graphics field be local figure region; The local figure data for responding described figure update request bag that the described server that described graphics proxy intercepts sends, comprising: carry out the local figure data that upgrade and positional information based on described full screen graphics data.
Fig. 5 shows a kind of schematic flow sheet play the security audit daily record generated in advance that the embodiment of the present invention provides, and as shown in Figure 5, the method can comprise:
Step 51: figure daily record player obtains the security audit daily record generated in advance.
Concrete, described security audit daily record is made up of each daily record fragment; Described daily record fragment is within each described Preset Time threshold value, with described full screen graphics data for separation, is made up of full screen graphics data and several local figure data.
During specific implementation, the embodiment of the present invention can generate security audit daily record by above-mentioned steps 31 ~ step 36, and the form of the security audit daily record in the embodiment of the present invention as shown in Figure 4.
Step 52: figure daily record player carries out the update time of each full screen graphics data in the time starting point T of playback and described security audit daily record as required, determines in time closest to the daily record fragment of described time starting point T.
Optionally, in above-mentioned steps 52, described figure daily record player obtains the T1 and T2 update time of N+1 full screen graphics data update time of N number of full screen graphics data, and described N number of full screen graphics data and described N+1 full screen graphics data are any two adjacent in time full screen graphics data in described security audit daily record; As T1<T<T2, the daily record fragment at described N number of full screen graphics data place is defined as in time closest to the daily record fragment of described time starting point T.
During specific implementation, for needing the time starting point T carrying out playback, figure daily record player obtains the update time of any two adjacent in time full screen graphics data, i.e. the T1 and T2 update time of N+1 full screen graphics data update time of N number of full screen graphics data; As T1<T<T2, the daily record fragment that figure daily record player is thought now belonging to T1 is the daily record fragment of time of closest approach starting point T in time, and daily record fragment belonging to T1 is before the daily record fragment belonging to time starting point T, further, figure daily record player can obtain the full screen graphics data of daily record fragment belonging to T1, and Image Rendering is carried out from these full screen graphics data, until be plotted to time starting point T, and proceed Image Rendering, achieve the function of Fast Fixed-point playback; Because the embodiment of the present invention without the need to drawing from the first two field picture of security audit daily record, but first find and time starting point T immediate daily record fragment in time, and carry out Image Rendering from the daily record fragment place found, thus greatly reduce the system resource and operation time that consume when carrying out Image Rendering.
Step 53: described figure daily record player according to the full screen graphics data in the daily record fragment determined and local graph data, drawing image.
As can be seen from such scheme, the embodiment of the present invention provides a kind of security audit daily record generation and player method, and the security audit daily record in the embodiment of the present invention is made up of each daily record fragment, described daily record fragment is within each described Preset Time threshold value, with described full screen graphics data for separation, is made up of full screen graphics data and several local figure data, in embodiments of the present invention, local figure data in daily record fragment are all based on the full screen graphics data in same daily record fragment, and local figure data of the prior art are all the unique full screen graphics data returned based on server during initialization, therefore, when carrying out playback to security audit daily record, the embodiment of the present invention is drawn not needing the full screen graphics data returned from server during initialization, but it is upper closest to needing the full screen graphics data in the daily record fragment of the time starting point T carrying out playback to carry out Image Rendering to the time, thus the Fast Fixed-point achieving security audit daily record is play, decrease the operation time during playback of security audit daily record fixed point, reduce the system resource taken when carrying out graphic plotting.
Fig. 6 shows a kind of security audit daily record playing device that the embodiment of the present invention provides, and as described in Figure 6, this device comprises:
Daily record fragment determining unit 61, for when needing to carry out fixed point playback for the security audit daily record generated in advance, carry out the update time of each full screen graphics data in the time starting point T of playback and described security audit daily record as required, determine in time closest to the daily record fragment of described time starting point T; Described security audit daily record is made up of each daily record fragment; Described daily record fragment is within each described Preset Time threshold value, with full screen graphics data for separation, is made up of full screen graphics data and several local figure data;
Image Rendering unit 62, for the full screen graphics data in the daily record fragment that basis is determined and local graph data, drawing image.
Optionally, described daily record fragment determining unit 61 specifically for, obtain the T1 and T2 update time of N+1 full screen graphics data update time of N number of full screen graphics data, described N number of full screen graphics data and described N+1 full screen graphics data are any two adjacent in time full screen graphics data in described security audit daily record; As T1<T<T2, the daily record fragment at described N number of full screen graphics data place is defined as in time closest to the daily record fragment of described time starting point T.
Optionally, this device also comprises:
Security audit daily record generation unit, for intercepting and capturing the figure update request bag that user end to server sends, according to described figure update request bag ask upgrade graphics field, determine whether to need to modify to described figure update request bag, if desired, then described server is given by amended figure update request Packet forwarding; Otherwise, give described server by the figure update request Packet forwarding that intercepts; Receive the full screen graphics data update time that also acquisition is corresponding that described server sends; According to described full screen graphics data and corresponding update time, generate up-to-date daily record fragment; And receive that described server sends carry out based on described full screen graphics data each local figure data of upgrading and obtain update time corresponding to each local figure data; Respectively by described local figure data and corresponding update time, add in the daily record fragment of up-to-date generation; According to each daily record fragment generated, generate security audit daily record.
Optionally, described security audit daily record generation unit is also for the spacing distance of determining two adjacent in time daily record fragments according to the document misregistration amount between the full screen graphics data that storage two is adjacent in time.
Optionally, described security audit daily record generation unit specifically for: judge whether described figure update request bag is full screen graphics update request bag; When described figure update request bag is full screen graphics update request bag, record the time that described client-requested carries out figure renewal, and give described server by the figure update request Packet forwarding that intercepts; When described figure update request bag is local figure update request bag, judge that described client-requested carries out this local figure renewal and whether the last time interval sent between full screen graphics update request bag is greater than Preset Time threshold value, if, then the figure update request intercepted is guaranteed the repair free of charge and change full screen graphics update request bag into, record the time that described client-requested carries out figure renewal, and give described server by amended figure update request Packet forwarding.
Optionally, when the value of the increment incremental field in described figure update request be zero, the value of width width field equals initialization in described figure update request time described server and the described client width value in full screen graphics region of making an appointment and in described figure update request, the value of height height field equals initialization time described server and the height value in the described client full screen graphics region of making an appointment time, determine that described figure update request bag is full screen graphics update request bag.
Optionally, when the value of the increment incremental field in described figure update request is non-zero, determine described figure update request bag ask upgrade graphics field be local figure region; The local figure data for responding described figure update request bag that the described server intercepted sends, specifically comprise: carry out the local figure data that upgrade and positional information based on described full screen graphics data.
The present invention describes with reference to according to the flow chart of the method for the embodiment of the present invention, equipment (system) and computer program and/or block diagram.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can be provided to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device, make the function that the instruction that performed by the processor of this computer or other programmable data processing device can be specified in a flow process in realization flow figure or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, make on computer or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computer or other programmable devices is provided for the step realizing the function of specifying in a flow process of flow chart or a square frame of multiple flow process and/or block diagram or multiple square frame.
Although describe the preferred embodiments of the present invention, those skilled in the art once obtain the basic creative concept of cicada, then can make other change and amendment to these embodiments.So claims are intended to be interpreted as comprising preferred embodiment and falling into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.

Claims (14)

1. a security audit daily record player method, is characterized in that, the method comprises:
When needing to carry out fixed point playback for the security audit daily record generated in advance, carry out the update time of each full screen graphics data in the time starting point T of playback and described security audit daily record as required, determine in time closest to the daily record fragment of described time starting point T; Described security audit daily record is made up of each daily record fragment; Described daily record fragment is within each described Preset Time threshold value, with full screen graphics data for separation, is made up of full screen graphics data and several local figure data;
According to the full screen graphics data in the daily record fragment determined and local graph data, drawing image.
2. the method for claim 1, is characterized in that, describedly determines, in time closest to the daily record fragment of described time starting point T, specifically to comprise:
Obtain the T1 and T2 update time of N+1 full screen graphics data update time of N number of full screen graphics data, described N number of full screen graphics data and described N+1 full screen graphics data are any two adjacent in time full screen graphics data in described security audit daily record; As T1<T<T2, the daily record fragment at described N number of full screen graphics data place is defined as in time closest to the daily record fragment of described time starting point T.
3. the method for claim 1, is characterized in that, generates security audit daily record as follows:
Intercept and capture the figure update request bag that user end to server sends, according to described figure update request bag ask upgrade graphics field, determine whether to need to modify to described figure update request bag, if desired, then give described server by amended figure update request Packet forwarding; Otherwise, give described server by the figure update request Packet forwarding that intercepts;
Receive the full screen graphics data update time that also acquisition is corresponding that described server sends; According to described full screen graphics data and corresponding update time, generate up-to-date daily record fragment; And receive that described server sends carry out based on described full screen graphics data each local figure data of upgrading and obtain update time corresponding to each local figure data; Respectively by described local figure data and corresponding update time, add in the daily record fragment of up-to-date generation;
According to each daily record fragment generated, generate security audit daily record.
4. method as claimed in claim 3, it is characterized in that, the method comprises further:
The spacing distance of two adjacent in time daily record fragments is determined according to the document misregistration amount between the full screen graphics data that storage two is adjacent in time.
5. method as claimed in claim 3, is characterized in that, described graphics field of asking to upgrade according to described figure update request bag institute, determines whether that needs are modified to described figure update request bag, specifically comprise:
Judge whether described figure update request bag is full screen graphics update request bag;
When described figure update request bag is full screen graphics update request bag, record the time that described client-requested carries out figure renewal, and give described server by the figure update request Packet forwarding that intercepts;
When described figure update request bag is local figure update request bag, judge that described client-requested carries out this local figure renewal and whether the last time interval sent between full screen graphics update request bag is greater than Preset Time threshold value, if, then the figure update request intercepted is guaranteed the repair free of charge and change full screen graphics update request bag into, record the time that described client-requested carries out figure renewal, and give described server by amended figure update request Packet forwarding.
6. the method according to any one of claim 1-5, it is characterized in that, when the value of the increment incremental field in described figure update request is zero, when in described figure update request, the value of width width field equals initialization the full screen graphics region that described server and described client are made an appointment width value and in described figure update request, the value of height height field equals initialization time described server and the height value in the described client full screen graphics region of making an appointment time, determine that described figure update request bag is full screen graphics update request bag.
7. the method according to any one of claim 1-5, is characterized in that, when the value of the increment incremental field in described figure update request is non-zero, determine described figure update request bag ask upgrade graphics field be local figure region;
The local figure data for responding described figure update request bag that the described server intercepted sends, specifically comprise: carry out the local figure data that upgrade and positional information based on described full screen graphics data.
8. a security audit daily record playing device, is characterized in that, this device comprises:
Daily record fragment determining unit, for when needing to carry out fixed point playback for the security audit daily record generated in advance, carry out the update time of each full screen graphics data in the time starting point T of playback and described security audit daily record as required, determine in time closest to the daily record fragment of described time starting point T; Described security audit daily record is made up of each daily record fragment; Described daily record fragment is within each described Preset Time threshold value, with full screen graphics data for separation, is made up of full screen graphics data and several local figure data;
Image Rendering unit, for the full screen graphics data in the daily record fragment that basis is determined and local graph data, drawing image.
9. device as claimed in claim 8, is characterized in that, described daily record fragment determining unit specifically for,
Obtain the T1 and T2 update time of N+1 full screen graphics data update time of N number of full screen graphics data, described N number of full screen graphics data and described N+1 full screen graphics data are any two adjacent in time full screen graphics data in described security audit daily record; As T1<T<T2, the daily record fragment at described N number of full screen graphics data place is defined as in time closest to the daily record fragment of described time starting point T.
10. device as claimed in claim 8, it is characterized in that, this device also comprises:
Security audit daily record generation unit, for intercepting and capturing the figure update request bag that user end to server sends, according to described figure update request bag ask upgrade graphics field, determine whether to need to modify to described figure update request bag, if desired, then described server is given by amended figure update request Packet forwarding; Otherwise, give described server by the figure update request Packet forwarding that intercepts; Receive the full screen graphics data update time that also acquisition is corresponding that described server sends; According to described full screen graphics data and corresponding update time, generate up-to-date daily record fragment; And receive that described server sends carry out based on described full screen graphics data each local figure data of upgrading and obtain update time corresponding to each local figure data; Respectively by described local figure data and corresponding update time, add in the daily record fragment of up-to-date generation; According to each daily record fragment generated, generate security audit daily record.
11. devices as claimed in claim 10, is characterized in that, described security audit daily record generation unit also for:
The spacing distance of two adjacent in time daily record fragments is determined according to the document misregistration amount between the full screen graphics data that storage two is adjacent in time.
12. devices as claimed in claim 10, is characterized in that, described security audit daily record generation unit specifically for:
Judge whether described figure update request bag is full screen graphics update request bag;
When described figure update request bag is full screen graphics update request bag, record the time that described client-requested carries out figure renewal, and give described server by the figure update request Packet forwarding that intercepts;
When described figure update request bag is local figure update request bag, judge that described client-requested carries out this local figure renewal and whether the last time interval sent between full screen graphics update request bag is greater than Preset Time threshold value, if, then the figure update request intercepted is guaranteed the repair free of charge and change full screen graphics update request bag into, record the time that described client-requested carries out figure renewal, and give described server by amended figure update request Packet forwarding.
13. devices according to any one of claim 8-12, it is characterized in that, when the value of the increment incremental field in described figure update request is zero, when in described figure update request, the value of width width field equals initialization the full screen graphics region that described server and described client are made an appointment width value and in described figure update request, the value of height height field equals initialization time described server and the height value in the described client full screen graphics region of making an appointment time, determine that described figure update request bag is full screen graphics update request bag.
14. devices according to any one of claim 8-12, is characterized in that, when the value of the increment incremental field in described figure update request is non-zero, determine described figure update request bag ask the graphics field upgraded to be local figure region;
The local figure data for responding described figure update request bag that the described server intercepted sends, specifically comprise: carry out the local figure data that upgrade and positional information based on described full screen graphics data.
CN201410585044.5A 2014-10-27 2014-10-27 A kind of security audit daily record player method and device Active CN104468505B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410585044.5A CN104468505B (en) 2014-10-27 2014-10-27 A kind of security audit daily record player method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410585044.5A CN104468505B (en) 2014-10-27 2014-10-27 A kind of security audit daily record player method and device

Publications (2)

Publication Number Publication Date
CN104468505A true CN104468505A (en) 2015-03-25
CN104468505B CN104468505B (en) 2017-11-21

Family

ID=52913877

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410585044.5A Active CN104468505B (en) 2014-10-27 2014-10-27 A kind of security audit daily record player method and device

Country Status (1)

Country Link
CN (1) CN104468505B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753954A (en) * 2015-04-13 2015-07-01 成都双奥阳科技有限公司 Method for using fortress machine to guarantee network security
CN107769981A (en) * 2017-11-03 2018-03-06 泰康保险集团股份有限公司 server uses management method and device
CN110832473A (en) * 2017-06-21 2020-02-21 华为技术有限公司 Log structure management system and method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1588302A (en) * 2004-08-05 2005-03-02 深圳市友邻通讯设备有限公司 Computer screen catching monitoring and recording method
CN101197990A (en) * 2006-12-13 2008-06-11 四川川大智胜软件股份有限公司 Screen vision recording method irrelated with hardware and operating system platform
CN101848214A (en) * 2010-04-30 2010-09-29 南京德讯信息***有限公司 Free location and playback method based on RDP (Remote Desktop Protocol) audit data as well as system
CN102279739A (en) * 2011-06-10 2011-12-14 吴东辉 Recording method and application of screen operation
CN103970533A (en) * 2014-04-14 2014-08-06 深圳市深信服电子科技有限公司 Method and device for recording captured information on screen
US20140289847A1 (en) * 2013-03-20 2014-09-25 Watchguard Technologies, Inc. Systems and methods for scalable network monitoring

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1588302A (en) * 2004-08-05 2005-03-02 深圳市友邻通讯设备有限公司 Computer screen catching monitoring and recording method
CN101197990A (en) * 2006-12-13 2008-06-11 四川川大智胜软件股份有限公司 Screen vision recording method irrelated with hardware and operating system platform
CN101848214A (en) * 2010-04-30 2010-09-29 南京德讯信息***有限公司 Free location and playback method based on RDP (Remote Desktop Protocol) audit data as well as system
CN102279739A (en) * 2011-06-10 2011-12-14 吴东辉 Recording method and application of screen operation
US20140289847A1 (en) * 2013-03-20 2014-09-25 Watchguard Technologies, Inc. Systems and methods for scalable network monitoring
CN103970533A (en) * 2014-04-14 2014-08-06 深圳市深信服电子科技有限公司 Method and device for recording captured information on screen

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753954A (en) * 2015-04-13 2015-07-01 成都双奥阳科技有限公司 Method for using fortress machine to guarantee network security
CN110832473A (en) * 2017-06-21 2020-02-21 华为技术有限公司 Log structure management system and method
CN110832473B (en) * 2017-06-21 2023-01-13 华为技术有限公司 Log structure management system and method
US11983159B2 (en) 2017-06-21 2024-05-14 Huawei Technologies Co., Ltd. Systems and methods for management of a log-structure
CN107769981A (en) * 2017-11-03 2018-03-06 泰康保险集团股份有限公司 server uses management method and device
CN107769981B (en) * 2017-11-03 2020-11-10 泰康保险集团股份有限公司 Server use management method and device

Also Published As

Publication number Publication date
CN104468505B (en) 2017-11-21

Similar Documents

Publication Publication Date Title
CN110765381B (en) Web publishing method and system of distribution network main station based on WebAssembly technology
CN112260853B (en) Disaster recovery switching method and device, storage medium and electronic equipment
US10404568B2 (en) Agent manager for distributed transaction monitoring system
CN104902327A (en) Method for updating and issuing page content, smart television and system
CN111913884A (en) Distributed test method, device, equipment, system and readable storage medium
CN105260082A (en) Display method for test data and development terminal
CN110083341A (en) A kind of front end development platform, front end development approach and page display method
CN112379963A (en) Remote application window control method and device and computer equipment
CN111435937A (en) Refreshing method and device for monitoring platform
CN104468505A (en) Safety audit log playing method and device
CN111010429B (en) Method and system for managing equipment running state based on platform of Internet of things
CN111897643A (en) Thread pool configuration system, method, device and storage medium
CN104731650A (en) Acquisition method and device for system interface call information
CN116418871A (en) Optimization system and method for data visualization large screen display control
CN109788251B (en) Video processing method, device and storage medium
CN103677519A (en) Method for collecting multimedia resource, terminal and server
CN113204425B (en) Method, device, electronic equipment and storage medium for process management internal thread
US10432490B2 (en) Monitoring single content page application transitions
CN105743669A (en) Data communication method and apparatus
CN103530370A (en) Method and system for visualization deduction based on electronic map
CN112416995B (en) Data statistics method, device, computer equipment and storage medium
CN109960562B (en) Information display method and device and computer readable storage medium
CN108880849B (en) Statistical method, device and system for attribute information
CN109388498A (en) A kind of processing method of mutual exclusion, device, equipment and medium
CN105302511A (en) Method and apparatus for improving display performance of client device under VDI (Virtualization Desktop Infrastructure) architecture

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee after: NSFOCUS Technologies Group Co.,Ltd.

Patentee after: NSFOCUS TECHNOLOGIES Inc.

Address before: 100089 Beijing city Haidian District Road No. 4 North wa Yitai three storey building

Patentee before: NSFOCUS INFORMATION TECHNOLOGY Co.,Ltd.

Patentee before: NSFOCUS TECHNOLOGIES Inc.

CP01 Change in the name or title of a patent holder